The Cyber Security sector is awash with different technical systems, providers and services. Many of these come at a high cost and require extensive work to implement and embed within our systems. This also comes at a time when councils find themselves facing increasingly difficult financial pressures.

However successful cyber attacks often rely on human error. The ISACA Journal stated that ‘67% of successful cyberattacks result from human negligence or human-based attacks’. An example of these human-based attacks are ‘Phishing attacks’. These are the most common form of cyber attack in the UK with around 84% of businesses and 83% of charities facing them. Therefore it is important for organisations to understand the human element of their cyber security systems and ensure that it is as resilient as possible; even the most up to date and effective technical systems can be undone by the mistake of one individual.

It is in this space that Behavioral Science approaches have become increasingly used to promote strong cyber security within organisations and in the population as a whole. Behavioral Science seeks to understand how people process information and how this shapes their behaviour. Therefore, it can be applied within organisations to increase the salience of cyber security in the mind of its employees, their cyber-related behaviour and the resilience of their human element.

To support our members adopting this, on Wednesday 20th November, iNetwork delivered an engaging online event discussing the “Human Factor: Behavioural Insights in Cyber Security.” It proved to be a highly successful event with over 40 attendees. The session delved into the applications of behavioural insights to cyber security systems, presentations were delivered from our esteemed speakers: Tim Ward, Co-Founder & CEO of ThinkCyber, Lynne Coventry, Director at cyberQuarter Abertay University, Colin Strong, Head of Behavioural Science at Ipsos, and Dr. Jason Nurse, Director of Science & Research at CybSafe. 

Colin began the session by delivering a presentation on “Phishing for Data” where he discussed how ‘narratives’ play a part in how people understand complex issues and how these narratives can help those outside of the cyber security world make sense of it and its dangers. Jason Nurse did the second presentation, where he presented the work of CybSafe and their ‘Oh Behave’ report. In this he delved into the statistics around peoples behaviour and attitudes relating to cyber security. If people want to read the report please go to the CybSafe website. Next Lynne looked at how to actually apply behavioural science to cyber security within organisations and touched on some of her research and work. Finally Tim presented on ThinkCybers product RedFlags, which uses nudge theory to shape people’s behaviour to ensure that they always consider cyber security when interacting online. Finally we rounded off the session with a vibrant and engaging panel discussion between all of our speakers.

This was also the first session of our newly introduced Human Factor Series, which aims to follow up with consistent sessions all around human elements of the cyber security system. The next sessions will look at how to build organisational support for cyber security and the human attack surface. 

The importance of humans within cyber security systems cannot be understated. Keep looking out for the following human factor series events to stay abreast of the latest innovation and thinking within this space.